If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Securing website with Login an logout

I am a complete beginner, I designed a website i need to secure with login. The website requires different Admin login and User login. I have designed database for both. I used the following for the user. I can login successfully but the webpages are still on protected.

<?php
// Check if session is not registered, redirect back to main page.
// Put this code in first line of web page.
session_start();
if( isset($_SESSION["username"]) ){
header("location:login_form.php");
}
?>

(logout.php)

<?php

$past = time() - 100;

//this makes the time in the past to destroy the cookie

setcookie('ID_my_site, gone, $past');

setcookie('Key_my_site, gone, $past');

header("Location: login.php");

?>

Please I will be forever grateful to you if you can help me through this.

i havent looked closely but you probably need to session_start(); before you do

$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

also, its totally unnecessary to put the user's password into the session; its very bad practice.

also you should be hashing your passwords and not storing them in plain text (google: hashing passwords)

i would suggest checking out some tutorials on writing secure systems; but really I would be using an existing system for securing your site; look at any sort of CMS or framework that has usernames/passwords; you dont want to reinvent the wheel!